SymbOS.Cardtrp.F - Removal

Risk Level 1: Very Low


Discovered: November 14, 2005
Updated: February 13, 2007 12:46:24 PM
Also Known As: Cardtrap.F [F-Secure]
Type: Trojan Horse
Systems Affected: EPOC



Install a file manager program on the device.

  1. Enable the option to view the files in the system folder.

  2. Navigate to and delete the following files:

    • .\Risk.exe (A copy of W32.HLLW.Cydog@mm)
    • .\fsb.exe (A copy of W32.Ifbo.A)
    • .\Anti-VirusPack(Pack1).sis (A copy of SymbOS.Cabir.C)
    • .\Anti-VirusPack(Pack1)0.sis (A copy of SymbOS.Cabir.C)
    • .\PopUp0.txt
    • .\About0.txt
    • C:\autorun.inf
    • C:\etelsat.dll
    • C:\etelpckt.dll
    • C:\etelmm.dll
    • C:\ETel.dll
    • C:\system\Programs\cwoutcast.exe
    • C:\system\apps\Anti-Virus\FSAVDT.exe
    • C:\system\apps\Anti-Virus\Anti-Virus.rsc
    • C:\system\apps\Anti-Virus\Anti-Virus.app
    • C:\system\apps\Anti-Virus\FsAVUpdater.rsc
    • C:\system\apps\Anti-Virus\FsAVUpdater.app
    • C:\system\apps\Anti-Virus\FSAVEPOC.DAT
    • C:\system\apps\AntiVirus\flo.mdl (A copy of SymbOS.Cabir)
    • C:\system\apps\AntiVirus\Antivirus.rsc
    • C:\system\apps\AntiVirus\Antivirus.app
    • C:\system\apps\AppCtrl\AppCtrl.app
    • C:\system\apps\AppInst\Appinst.app
    • C:\system\apps\AppInst\Appinst.aif
    • C:\system\apps\AppMngr\AppMngr.app
    • C:\system\apps\AppMngr\AppMngr.aif (A copy of SymbOS.Skulls.C)
    • C:\system\apps\autolock\Autolock.app
    • C:\system\apps\autolock\Autolock.aif (A copy of SymbOS.Skulls.C)
    • C:\system\apps\bootdata\bootdata_CAPTION.rsC
    • C:\system\apps\bootdata\bootdata.app
    • C:\system\apps\CallManager\CallManager.App
    • C:\system\apps\caribe\flo.mdl (A copy of SymbOS.Cabir)
    • C:\system\apps\caribe\caribe.rsc
    • C:\system\apps\caribe\caribe.app (A copy of SymbOS.Cabir.B)
    • C:\system\apps\CommWarrior\commwarrior.exe
    • C:\system\apps\CommWarrior\commrec.mdl
    • C:\system\apps\EVS\EVS.rsc
    • C:\system\apps\EVS\EVS.app
    • C:\system\apps\FileManager\FileManager.app
    • C:\system\apps\FileManager\FileManager.aif (A copy of SymbOS.Skulls.C)
    • C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.rsc
    • C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.mdl (A copy of SymbOS.Cabir)
    • C:\system\apps\FSECUREANTIVIRUS\FSECUREANTIVIRUS.app (A copy of SymbOS.Cabir.B)
    • C:\system\apps\Gavno\gavno_caption.Rsc
    • C:\system\apps\Gavno\gavno.Rsc
    • C:\system\apps\Gavno\gavno.App
    • C:\system\apps\Menu\Menu.app
    • C:\system\apps\Menu\Menu.aif (A copy of SymbOS.Skulls.C)
    • C:\system\apps\MMCApp\MMCApp.app
    • C:\system\apps\MMCApp\mmcapp.aif (A copy of SymbOS.Skulls.C)
    • C:\system\apps\MultiTrap\MultiTrap
    • C:\system\apps\MultiTrap\MultiTrap.app
    • C:\system\apps\MultiTrap\ezrecog.MDL
    • C:\system\apps\MultiTrap\MultiTrap.rsc
    • C:\system\apps\OIDI500\OIDI500.rsc
    • C:\system\apps\OIDI500\OIDI500.mdl (A copy of SymbOS.Cabir)
    • C:\system\apps\OIDI500\OIDI500.app (A copy of SymbOS.Cabir)
    • C:\system\apps\OIDI500\OIDI500.aif
    • C:\system\apps\symcs\symcs.rsc
    • C:\system\apps\symcs\symcs.app
    • C:\system\apps\symcs\Security.rsc
    • C:\system\apps\symcs\Security.app
    • C:\system\apps\symlu\symlu.rsc
    • C:\system\apps\symlu\symlu.exe
    • C:\system\apps\velasco\velasco.rsc
    • C:\system\apps\velasco\velasco.app
    • C:\system\apps\velasco\marcos.mdl
    • C:\system\bif\FSBioMessage.bif
    • C:\system\bif\AVBioIcons.mbm
    • C:\system\bootdata\LocaleData.D01
    • C:\system\bootdata\HALData.dat
    • C:\system\bootdata\FirstBoot.dat
    • C:\system\bootdata\CommonData.D00
    • C:\system\bootdata\SIMLanguage.dat
    • C:\system\CARIBESECURITYMANAGER\caribe.app (A copy of SymbOS.Cabir.B)
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.RSC
    • C:\System\MALAYSIAJOHOR--jb\yuanV3-diy-by-7022207\free$8.APP (A copy of SymbOS.Cabir.M)
    • C:\system\RECOGS\YYSBootRec.mdl (A copy of SymbOS.Skulls.D)
    • C:\system\RECOGS\mod.MDL (A copy of SymbOS.Cabir.F)
    • C:\system\RECOGS\FSRec.mdl
    • C:\system\RECOGS\flo.mdl (A copy of SymbOS.Cabir)
    • C:\system\RECOGS\$$$.MDL (A copy of SymbOS.Cabir.M)
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.rsc
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\skulls.app (A copy of SymbOS.Cabir.F)
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\system\apps\skulls\mod.mdl (A copy of SymbOS.Cabir.F)
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.RSC
    • C:\System\SKULLSXSECUREDATA\SKULLSXSECUREDATA\SKULLSSECURITYMANAGER\skulls.APP (A copy of SymbOS.Cabir.F)
    • C:\nokia\images\nokias\malaysia\johor\pj\pj\pj\jb\jb\jb\imos\yuan\yuan\yuanyuan\blue\a-team\terence\ownpda\fuyuan.gif
    • Z:\System\Apps\AppInst\Appinst.app
    • Z:\System\Apps\AppInst\Appinst.aif
    • Z:\System\Apps\Phone\Menu.app
    • Z:\System\Apps\Phone\Menu.aif (A copy of SymbOS.Skulls.C)
    • Z:\System\Apps\Phone\Phone.app
    • Z:\System\Apps\Phone\Phone.aif (A copy of SymbOS.Skulls.C)
    • Z:\System\Apps\Phone\FREAKPHONE_CAPTION.RSC
    • Z:\System\Apps\Phone\FREAKPHONE.RSC
    • Z:\System\Apps\Phone\FREAKPHONE.APP
    • Z:\System\Apps\Phone\FreakPhone.aif
    • Z:\System\bin\pbe.dll
    • Z:\system\install\languages.txt
    • Z:\system\install\operinfo.txt
    • Z:\System\Programs\Starter.exe
    • Z:\System\Programs\midp2.exe
    • Z:\System\Programs\dnd.exe
    • Z:\System\Programs\AppRun.exe

  3. Delete the following files from the device's memory card:

    • E:\autorun.inf
    • E:\system.exe (A copy of W32.Wullik@mm)
    • E:\system\APPS.exe (A copy of W32.Ifbo.A)
    • E:\system\apps\ProfiExplorer\ProfiExplorer.app
    • E:\system\apps\ProfiExplorer\ProfiExplorer.aif (A copy of SymbOS.Skulls.C)
    • E:\system\CARIBESECURITYMANAGER\caribe.rsc
    • E:\system\apps\SmartFileMan\SmartFileMan_CAPTION.rsC
    • E:\system\apps\SmartFileMan\SmartFileMan.rsc
    • E:\system\apps\SmartFileMan\SmartFileMan.app
    • E:\system\apps\SmartFileMan\SmartFileMan.aif
    • E:\system\apps\SmartFileMan\flo.mdl (A copy of SymbOS.Cabir)
    • E:\system\apps\Launcher\Launcher.app
    • E:\system\apps\FExplorer\flo.mdl (A copy of SymbOS.Cabir)
    • E:\system\apps\FExplorer\FExplorer_CAPTION.rsC
    • E:\system\apps\FExplorer\FExplorer.rsc
    • E:\system\apps\FExplorer\FExplorer.app
    • E:\system\apps\FExplorer\FExplorer.aif
    • E:\system\apps\SystemExplorer\SystemExplorer_CAPTION.rsC
    • E:\system\apps\SystemExplorer\SystemExplorer.rsc
    • E:\system\apps\SystemExplorer\SystemExplorer.app
    • E:\system\apps\SystemExplorer\SystemExplorer.aif

  4. Exit the file manager.


Writeup By: Yana Liu